Google has paid out $11,500 in bounty money to security researchers for spotting bugs in the latest stable version of its Chrome web browser, released yesterday. $7,000 goes to a single developer, named "miaubiz", who discovered seven separate bugs, including several problems with the browser's handling of SVG images. A further $4,000 goes to Jüri Aedla, who spotted two integer overflows, one threatening more than just the browser, potentially allowing an attacker to affect the underlying system on 64-bit Linux machines. Meanwhile, Nicholas Gregoire picks up a modest $500 for spotting a "wild read in XSL handling."
"We’d also like to thank Arthur Gerkis, Atte Kettunen of OUSPG and miaubiz for working with us during the development cycle and preventing security regressions from ever reaching the stable channel," writes Chrome developer Dharani Govindan in the announcement post. "Various additional rewards were issued for this awesomeness."
Users running the stable branch of Chrome should receive the update automatically over the next few days. If you can't wait, navigate to the browser's "About" box and click the update button to install it manually.